文件权限不会继承目录权限

我有一个程序，会为用户输出创建一个安全的目录。目录本身创建正常，但我在其中创建（或复制进去）的文件最终只有管理员才有访问权限。

// Create the output directory with an explicit ACL built for the requesting user.
DirectoryInfo outputDirectory = baseOutputDirectory.CreateSubdirectory(outputDirectoryName, GetDirectorySecurity(searchHits.Request.UserId));
...
/// <summary>
/// Builds the security descriptor for an output directory: sets <paramref name="owner"/> as the
/// owner and adds a FullControl allow rule for the owner and for every entry in AdminUsers.
/// </summary>
/// <param name="owner">Account name that becomes the owner and receives FullControl.</param>
/// <returns>The populated <see cref="DirectorySecurity"/>.</returns>
private DirectorySecurity GetDirectorySecurity(string owner)
{
    // Not referenced anywhere in the code shown here.
    const string LOG_SOURCE = "GetDirectorySecurity";
    DirectorySecurity ds = new DirectorySecurity();
    System.Security.Principal.NTAccount ownerAccount = new System.Security.Principal.NTAccount(owner);
    ds.SetOwner(ownerAccount);
    // This FileSystemAccessRule overload takes no InheritanceFlags/PropagationFlags, so the rule
    // applies to the directory object only; files and subdirectories created inside do not inherit it.
    ds.AddAccessRule(
        new FileSystemAccessRule(owner, FileSystemRights.FullControl, AccessControlType.Allow));
    // AdminUsers is a list read from configuration that names the admins who should be allowed.
    // Same non-inheriting overload as above, so these rules also stay on the directory only.
    foreach (string adminUser in AdminUsers)
    {
        ds.AddAccessRule(
            new FileSystemAccessRule(adminUser, FileSystemRights.FullControl, AccessControlType.Allow));
    }
    return ds;
}

/// <summary>
/// Copies every file in SupportingFiles (static supporting files such as JavaScript) into the
/// output directory, keeping each file's name.
/// </summary>
/// <param name="outputDirectory">Directory that receives the copies.</param>
private void CopySupportingFiles(DirectoryInfo outputDirectory)
{
    foreach (FileInfo file in SupportingFiles)
    {
        // CopyTo(string) does not overwrite: it throws if the destination file already exists.
        // NOTE(review): each copy is a new file, so its ACL presumably comes from the inheritable
        // entries on the destination directory rather than from the source file - confirm.
        file.CopyTo(
            Path.Combine(outputDirectory.FullName, file.Name));
    }
}

等等等

我究竟做错了什么? 为什么权限不级联?

看起来你应该在设置 DirectorySecurity 时同时指定 InheritanceFlags 和 PropagationFlags（我相信它会覆盖你手动设置的任何内容）。

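 /// <summary>
 /// Builds the security descriptor for a per-user output directory: sets <paramref name="owner"/>
 /// as the owner and grants FullControl to the owner and to every entry in AdminUsers, on the
 /// directory itself and, through inheritance, on the files and subdirectories created inside it.
 /// </summary>
 /// <param name="owner">Account name that becomes the owner and receives FullControl.</param>
 /// <returns>The populated <see cref="DirectorySecurity"/>.</returns>
 private DirectorySecurity GetDirectorySecurity(string owner)
 {
     // ContainerInherit | ObjectInherit passes each rule on to subdirectories and to files.
     // PropagationFlags.None keeps the rule effective on this directory as well; InheritOnly
     // would apply it to children only, leaving the directory itself without the grant, and
     // ObjectInherit alone would skip subdirectories.
     const InheritanceFlags Inheritance = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
     const PropagationFlags Propagation = PropagationFlags.None;

     DirectorySecurity ds = new DirectorySecurity();
     System.Security.Principal.NTAccount ownerAccount = new System.Security.Principal.NTAccount(owner);
     ds.SetOwner(ownerAccount);

     // NOTE(review): FullControl also lets the account change permissions and take ownership;
     // FileSystemRights.Modify is the narrower grant if the user only needs to read and write.
     ds.AddAccessRule(
         new FileSystemAccessRule(owner, FileSystemRights.FullControl, Inheritance, Propagation, AccessControlType.Allow));

     // AdminUsers is a list read from configuration that names the admins who should be allowed.
     foreach (string adminUser in AdminUsers)
     {
         ds.AddAccessRule(
             new FileSystemAccessRule(adminUser, FileSystemRights.FullControl, Inheritance, Propagation, AccessControlType.Allow));
     }

     // NOTE(review): nothing here blocks entries inherited from the parent directory. If only the
     // principals above may have access, ds.SetAccessRuleProtection(true, false) would drop the
     // inherited entries - confirm that system and backup accounts do not depend on them first.
     return ds;
 }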